PE-sieve v0.3.9

[MBot]

REFACT

• Refactored to use a new pattern matching engine (SigFinder) for shellcode detection. Improved performance.

FEATURE

• Added new parameter /pattern <file> allowing to supply custom signatures to be searched in memory. The format is defined by SigFinder and described in the relevant README. If pattern file was defined, a .tag file for the found patterns will be generated, with the extension .pattern.tag
• New fields in the scan_report.json:
  • Save the PE-sieve version with which the scan was performed (scanner_version)
  • In workingset_scan section: added patterns section with information about found patterns:
    • total_matched (count of all patterns matched, including the hardcoded ones)
    • custom_matched (count of patterns matched from the set defined by the user in pattern file)
• New fields in the dump_report.json:
  • If pattern.tag file was generated, the name of this file will be added in the pattern_tags_file field of the relevant module.

See also: HollowsHunter v0.3.9 with the latest PE-sieve

https://private-user-images.githubusercontent.com/3115348/307557883-0f697b0f-2a9b-47eb-ac23-82bc619dc670.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MDg4MjE2NDUsIm5iZiI6MTcwODgyMTM0NSwicGF0aCI6Ii8zMTE1MzQ4LzMwNzU1Nzg4My0wZjY5N2IwZi0yYTliLTQ3ZWItYWMyMy04MmJjNjE5ZGM2NzAucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDIyNSUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDAyMjVUMDAzNTQ1WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9YjliYjFkYzJkZWJmYWYxZTllMzJhMWMxMWJkMWViMjQzMTcxNDk2NjE0YmUxOTc4NDlhMzM5ZjlmYzRmZjA1NCZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.eF6AqHInwJGoaA-au9DqDOgjWWmFnqpkEw6-6Q_hHQo

Download